Thursday, June 12, 2008

Adding OpenID to an existing ASP.NET application

[Updated 22:00 12 June 2008] To include improvements suggested by Andrew Arnott.

In this post I'll describe the steps I took to add OpenID support to an existing ASP.NET app that used forms authentication. The application originally used the users email address as their username. The OpenID login process therefore needs to provide an email address to avoid having to rewrite loads of code. Not all OpenID providers allow email addresses to be sent so new users might have to partially re-register the first time they use their OpenID.

  1. Downloaded the latest DotNetOpenID zip file from http://dotnetopenid.googlecode.com/files/
  2. Unziped the package
  3. Copied and renamed login.aspx and login.cs from \Samples\RelyingPartyPortal to my project's root folder, renaming them loginOpenID.aspx and loginOpenID.cs. Changed codebehind attribute in loginOpenID.aspx from CodeBehind="login.aspx.cs" to CodeBehind="loginOpenID.aspx.cs". I then added a link named "Login with OpenID" on my original login.aspx page pointing to the new loginOpenID.aspx page. I then changed some of the properties on the OpenIdLogin control as I wanted to ask the OpenID provider to supply the users FullName and Email address. Unfortunately some providers (eg Yahoo.com) do not allow the FullName & Email info to be sent so we'll have to deal with this in code later.

    <RP:OpenIdLogin ID="OpenIdLogin1"
    runat="server"
    RequestFullName="Require"
    RequestEmail="Require"
    RememberMeVisible="True"
    PolicyUrl="~/PrivacyPolicy.aspx"
    TabIndex="1"
    OnLoggedIn="OpenIdLogin1_LoggedIn"    
    OnCanceled="OpenIdLogin1_Canceled"
    OnFailed="OpenIdLogin1_Failed"
    OnSetupRequired="OpenIdLogin1_SetupRequired" RememberMe="True"
    />

  4. Copied \Samples\RelyingPartyPortal\Code\state.cs to my project's App_Code folder
  5. Copied \Samples\RelyingPartyPortal\xrds.aspx to my project's root folder. Modified this file to point to my new loginOpenID.aspx page changing

    <URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/login.aspx"))%></URI>

    to

    <URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/loginopenid.aspx"))%></URI>

  6. Copied \Samples\RelyingPartyPortal\privacypolicy.aspx to my project's root folder.
  7. I added the following to default.aspx (the default document for this domain).
    <%@ Register Assembly="DotNetOpenId" Namespace="DotNetOpenId" TagPrefix="openid" %>
    <openid:XrdsPublisher runat="server" XrdsUrl="~/xrds.aspx" />
    This was required to get myopenid.com accounts to work.
  8. Added a reference to the DotNetOpenID.dll from the \Samples\RelyingPartyPortal\bin folder
  9. I then added code to OpenIdLogin1_LoggedIn in loginOpenID.cs to ensure we have the user's real email address. If for whatever reason we cannot get their email address redirect them to the partially populated registration page.


     

    protected void OpenIdLogin1_LoggedIn (object sender, OpenIdEventArgs e)

        {

        State.ProfileFields = e.ProfileFields;

        

        //    Setup linq connection to SQL database                        

        DataClassesDataContext db = new DataClassesDataContext(ConfigurationManager.ConnectionStrings["DB_RW"].ConnectionString);

        People people = null;


     

        //    See if user has logged on using OpenID before                

        try

            {

            people = (from c in db.Peoples

                     where c.OpenID == e.ClaimedIdentifier.ToString()

                     select c).Single();

            }

        catch

            {

            }


     

        if (people == null)

            {

            //    This is the first time this OpenID identity has been used    

            if (e.ProfileFields.Email == null)

                {

                //    Force user to register as their OpenID provider did not send their email

                //    address (eg Yahoo.com) and this app needs their real email address.        

                e.Cancel = true;

                Response.Redirect("RegisterNewAccount.aspx?mode=OpenID_NoEmailSupplied");

                return;

                }

            else

                {

                //    See if user has created an account already                

                try

                    {

                    people = (from c in db.Peoples

                             where c.Email == e.ProfileFields.Email

                             select c).Single();

                    }

                catch

                    {

                    //    email address does not exist in our user table redirect user    

                    //    to registration page.                                            

                    e.Cancel = true;

                    Response.Redirect("RegisterNewAccount.aspx?mode=OpenID_UnknownEmail");

                    return;

                    }

                }

            }


     

        if (people.Status.StartsWith("Reject T&C"))

            {

            e.Cancel = true;

            loginFailedLabel.Text = "Your account has been suspended because you have rejected our T&C's.";

            loginFailedLabel.Visible = true;

            return;

            }


     

        if (people.Status != "Verified")

            {

            e.Cancel = true;

            loginFailedLabel.Text = "Your account has not been verified yet. Check your email for further instructions.";

            loginFailedLabel.Visible = true;

            return;

            }


     


     

        //    Remember OpenID identity for next time            

    people.OpenID = e.ClaimedIdentifier.ToString();
    people.LoginCount = (people.LoginCount ?? 0) + 1;

        db.SubmitChanges();


     

        //    I set some other Session variables here

    Session["UserEmail"] = people.Email;


     

    //    The openID code will now redirect to the requesting page    

    //    and set context.user.identity.name to the OpenID identity    

    //    eg http://andrew.jones.myopemid.com                            

    }

  10. The RegisterNewAccount.aspx pre-populates as much information as it can. Any additional user information sent by the OpenID provider is available in State.ProfileFields.

Thursday, June 05, 2008

DataGridViewRow SelectedRows selection order

When you use SelectedRows to get the selected rows from a DataGridView the order of items is dependent on the order they were selected. If you start at the top and select down the item list will be reversed. Selecting from the bottom row up is OK. Selecting random rows with CTRL pressed will leave the most recent item at the start of the list. The list therefore needs to be sorted based on the DataGridViewRow.Index property.

Here is a function to sort the list




// Create a generics list to hold selected rows so it can be sorted later
List<DataGridViewRow> SelectedRows = new List<DataGridViewRow>();


foreach (DataGridViewRow dgvr in yourDataGridViewControl.SelectedRows)
SelectedRows.Add(dgvr);

// Sort list based on DataGridViewRow.Index
SelectedRows.Sort (DataGridViewRowIndexCompare);




private static int DataGridViewRowIndexCompare (DataGridViewRow x, DataGridViewRow y)
{
if (x == null)
{
if (y == null)
{
// If x is null and y is null, they're
// equal.
return 0;
}
else
{
// If x is null and y is not null, y
// is greater.
return -1;
}
}
else
{
// If x is not null...
//
if (y == null)
// ...and y is null, x is greater.
{
return 1;
}
else
{
// ...and y is not null, compare the
// lengths of the two strings.
//
int retval = x.Index.CompareTo (y.Index);

if (retval != 0)
{
// If the strings are not of equal length,
// the longer string is greater.
//
return retval;
}
else
{
// If the strings are of equal length,
// sort them with ordinary string comparison.
//
return x.Index.CompareTo(y.Index);
}
}
}
}

Monday, June 02, 2008

TCP/IP Fundamentals

Microsoft have released a very useful (free) PDF book describing in details TCP/IP.

Download